CVE-2006-1479 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) projectName field in projectReport.php; and the (13) checklistTitle field in checklistReport.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Serge Rey	Gtd-php

Configuration 1 [-]

cpe:2.3:a:serge_rey:gtd-php:0.5:*:*:*:*:*:*:*

References

Link	Resource
http://osvdb.org/ref/24/24149-gtd-php.txt	Exploit
http://secunia.com/advisories/19512
http://www.osvdb.org/24149	Exploit
http://www.osvdb.org/24150	Exploit
http://www.osvdb.org/24151	Exploit
http://www.osvdb.org/24152	Exploit
http://www.osvdb.org/24153	Exploit
http://www.osvdb.org/24154	Exploit
http://www.osvdb.org/24155	Exploit
http://www.osvdb.org/24156	Exploit
http://www.osvdb.org/24157	Exploit
http://www.osvdb.org/24158	Exploit
http://www.securityfocus.com/bid/17366
http://www.vupen.com/english/advisories/2006/1203
https://exchange.xforce.ibmcloud.com/vulnerabilities/25553

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-29T01:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-03-28T00:00:00

Link: CVE-2006-1479

JSON object: View

NVD Information

Status : Modified

Published: 2006-03-29T01:06:00.000

Modified: 2017-07-20T01:30:38.177

Link: CVE-2006-1479

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) projectName field in projectReport.php; and the (13) checklistTitle field in checklistReport.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-1203", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1203"}, {"name": "17366", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17366"}, {"name": "24156", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24156"}, {"name": "24158", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24158"}, {"tags": ["x_refsource_MISC"], "url": "http://osvdb.org/ref/24/24149-gtd-php.txt"}, {"name": "24151", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24151"}, {"name": "gtdphp-multiple-scripts-xss(25553)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25553"}, {"name": "24154", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24154"}, {"name": "24153", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24153"}, {"name": "24149", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24149"}, {"name": "24150", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24150"}, {"name": "24152", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24152"}, {"name": "19512", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19512"}, {"name": "24155", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24155"}, {"name": "24157", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24157"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1479", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) projectName field in projectReport.php; and the (13) checklistTitle field in checklistReport.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-1203", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1203"}, {"name": "17366", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17366"}, {"name": "24156", "refsource": "OSVDB", "url": "http://www.osvdb.org/24156"}, {"name": "24158", "refsource": "OSVDB", "url": "http://www.osvdb.org/24158"}, {"name": "http://osvdb.org/ref/24/24149-gtd-php.txt", "refsource": "MISC", "url": "http://osvdb.org/ref/24/24149-gtd-php.txt"}, {"name": "24151", "refsource": "OSVDB", "url": "http://www.osvdb.org/24151"}, {"name": "gtdphp-multiple-scripts-xss(25553)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25553"}, {"name": "24154", "refsource": "OSVDB", "url": "http://www.osvdb.org/24154"}, {"name": "24153", "refsource": "OSVDB", "url": "http://www.osvdb.org/24153"}, {"name": "24149", "refsource": "OSVDB", "url": "http://www.osvdb.org/24149"}, {"name": "24150", "refsource": "OSVDB", "url": "http://www.osvdb.org/24150"}, {"name": "24152", "refsource": "OSVDB", "url": "http://www.osvdb.org/24152"}, {"name": "19512", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19512"}, {"name": "24155", "refsource": "OSVDB", "url": "http://www.osvdb.org/24155"}, {"name": "24157", "refsource": "OSVDB", "url": "http://www.osvdb.org/24157"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1479", "datePublished": "2006-03-29T01:00:00", "dateReserved": "2006-03-28T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:serge_rey:gtd-php:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6D08A4E4-8143-4311-9489-FEFB6089FA7D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) projectName field in projectReport.php; and the (13) checklistTitle field in checklistReport.php."}], "id": "CVE-2006-1479", "lastModified": "2017-07-20T01:30:38.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-29T01:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://osvdb.org/ref/24/24149-gtd-php.txt"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19512"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24149"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24150"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24151"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24152"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24153"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24154"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24155"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24156"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24157"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.osvdb.org/24158"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17366"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1203"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25553"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}